Penetration Specialist III ~Remote~ No Clearance Required

Penetration's Specialist III

Location: Washington, DC~ REMOTE WORK !! No Clearance Required

Duties:

• The Information Security Analyst (Vulnerability Assessment) will work closely with the Information Technology (IT) department to help in the coordination effort to remediate security alerts and respond to information security related incidents that could potentially impact the network, systems and applications.
• Will be responsible for performing the daily tasks associated with information security, incident response and handling, vulnerability handling and security event monitoring.
• Will work closely with Fraud, Legal and/or Human Resources to facilitate general investigations.
• Assist in doing security risk assessments to assess the integrity of network connections, projects, applications or processes.
• Will work to implement the Funds Information Security Policies & Standards Design and implement a security event management program including IT/IS incidents to gather, store, correlate, analyze and respond to security data from logs & incident reports
• Leading role in the Computer Security Incident Response Team (CSIRT) process.
• Perform forensic investigations of security incidents Conduct application security reviews to ensure proper security controls are implemented
• Perform monitoring/auditing activities (e.g. monitoring access logs and assigned privilege levels) and respond to security events as appropriate.
• Execute vulnerability tests on networks, systems and applications when necessary.
• Perform regular scans and security assessments of the infrastructure, notify/escalate with IT, and document findings in a complete comprehensive report that includes technical and non-technical findings and recommendations.
• Mapping the security environment, and creating the procedures for security tests
• Evaluate security infrastructure logs for anomalous and unknown behavior
• Assist in security awareness training program
• Work with relevant personnel to evaluate new security technologies.

Qualifications:

• Knowledge of ISO 17799 and other leading security standards
• Firewall & Systems configuration and event log monitoring experience required
• Incident Response experience required
• IDS, IPS, Log Correlation Systems configuration and monitoring experience
• SANS and other InfoSec related certification a plus
• Excellent troubleshooting and analytical thinking skills Good written and oral communications skills
• Excellent interpersonal and customer service skills
• Self-directed, self-motivated, self-starter able to work with minimal supervision.
• Experience in conducting vulnerability assessments and penetration tests of software systems and networks.
• Experience in systems programming and computer network security
• Experience with relevant federal (e.g., FISMA, FISCAM, DITSCAP, Privacy Act, HIPAA), NIST 800 Series, OMB, and FIPS information technology security regulations, policies and procedures
• CISSP, CISM, CISA preferred
• Baccalaureate degree from a 4-year college or university – or 3-4 years experience with manual and automation application testing